MIP 2 - Path Traversal (CVE-2025-12055)

CVE-2025-12055 is a local file disclosure vulnerability affecting HYDRA X, MIP 2, and FEDRA 2 by MPDV Mikrolab GmbH, allowing unauthenticated attackers to read arbitrary files from the Windows operating system via the vulnerable "Filename" parameter in the $SCHEMAS$ resource. This flaw could be exploited remotely to access sensitive information, potentially leading to further attacks such as credential theft or reconnaissance.

CrowdSec has been tracking this vulnerability and its exploits since 10th of December 2025.

Data from the CrowdSec community indicates that exploitation of CVE-2025-12055 is highly selective and intelligence-driven. Threat actors use advanced reconnaissance and carefully choose their targets, often as part of sophisticated campaigns or advanced persistent threat operations. CrowdSec data also reveals a clear uptick in attacks involving CVE-2025-12055 over the past week. Activity is above the usual baseline, suggesting growing attention from attackers. This may reflect rising awareness, recent exploit releases, or expanded targeting efforts.

Attackers exploit this vulnerability by sending requests to /hx/resources/public/$SCHEMAS$ with a crafted Filename parameter to perform path traversal and access sensitive files on the Windows OS.